Fresh Install of multi-node docker, indexers not booting


Austen Lowe

Feb 28, 2024, 5:27:46 AM
to Wazuh | Mailing List

I have an AlmaLinux 9.2 Minimal CLI VM running on Hyper-V (Win 2022).

I performed the following actions:

sudo dnf update
--Installation of Hyper-V integration pack

sudo dnf install udftools
sudo modprobe udf
sudo dnf install cloud-init cloud-utils-growpart gdisk hyperv-daemons
sudo systemctl enable cloud-init.service
sudo dnf install WALinuxAgent cloud-init cloud-utils-growpart gdisk hyperv-daemons
sudo systemctl enable waagent.service
sudo systemctl enable cloud-init.service
dnf remove -y podman buildah
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

---Rebooted
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl start docker
systemctl enable docker
systemctl status docker

--Had to install git
sudo dnf -y install git

Downloaded Wazuh 4.7.2 to /root/wazuh-docker

Generated self-signed certs as per documentation.
Confirmed they were present under the /config/wazuh_indexer_ssl_certs dir.

Proceeded to generate new password hashes for the admin and kibanaserver accounts and added them to internal_users.yml

Updated docker-compose.yml with the new pass.

docker compose up -d

This results in all indexer containers looping on boot-up with the following log:



WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-02-28T09:48:26,182][INFO ][o.o.n.Node               ] [wazuh1.indexer] version[2.8.0], pid[1], build[rpm/db90a415ff2fd428b4f7b3f800a51dc229287cb4/2023-06-03T06:24:25.112415503Z], OS[Linux/5.14.0-362.18.1.el9_3.x86_64/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.7/17.0.7+7]
[2024-02-28T09:48:26,186][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
[2024-02-28T09:48:26,187][INFO ][o.o.n.Node               ] [wazuh1.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-7508416696945986088, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms16g, -Xmx16g, -XX:MaxDirectMemorySize=8589934592, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-02-28T09:48:27,728][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh1.indexer] SSL dual mode is disabled
[2024-02-28T09:48:27,729][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-02-28T09:48:28,027][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] JVM supports TLSv1.3
[2024-02-28T09:48:28,029][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-02-28T09:48:28,720][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] TLS Transport Client Provider : JDK
[2024-02-28T09:48:28,721][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] TLS Transport Server Provider : JDK
[2024-02-28T09:48:28,721][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] TLS HTTP Provider             : JDK
[2024-02-28T09:48:28,721][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-02-28T09:48:28,722][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh1.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2]
[2024-02-28T09:48:28,740][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Clustername: wazuh-cluster
[2024-02-28T09:48:28,887][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-02-28T09:48:28,888][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-02-28T09:48:28,889][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-02-28T09:48:28,889][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/extensions has insecure file permissions (should be 0700)
[2024-02-28T09:48:28,890][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-02-28T09:48:28,890][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,890][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,891][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,891][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,892][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,892][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,893][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,893][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,893][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,894][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,895][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,896][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,896][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,896][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,897][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,898][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,898][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,899][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,900][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,901][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,901][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,901][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,902][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,903][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,904][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,904][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,905][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,905][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,906][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,906][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,907][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,907][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,908][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,908][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,909][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,909][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,910][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,910][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,911][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,912][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,912][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,913][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-02-28T09:48:28,913][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-02-28T09:48:38,525][INFO ][o.o.p.c.c.PluginSettings ] [wazuh1.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-02-28T09:48:38,528][INFO ][o.o.p.c.c.PluginSettings ] [wazuh1.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-02-28T09:48:39,084][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh1.indexer] ReindexPlugin reloadSPI called
[2024-02-28T09:48:39,086][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh1.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-02-28T09:48:39,127][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh1.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-02-28T09:48:39,161][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh1.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-02-28T09:48:39,163][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh1.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-02-28T09:48:39,191][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh1.indexer] Loaded scheduler extension: observability, index: .opensearch-observability-job
[2024-02-28T09:48:39,197][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [aggs-matrix-stats]
[2024-02-28T09:48:39,198][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [analysis-common]
[2024-02-28T09:48:39,198][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [geo]
[2024-02-28T09:48:39,198][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [ingest-common]
[2024-02-28T09:48:39,199][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [ingest-geoip]
[2024-02-28T09:48:39,199][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [ingest-user-agent]
[2024-02-28T09:48:39,199][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [lang-expression]
[2024-02-28T09:48:39,199][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [lang-mustache]
[2024-02-28T09:48:39,200][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [lang-painless]
[2024-02-28T09:48:39,200][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [mapper-extras]
[2024-02-28T09:48:39,200][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [opensearch-dashboards]
[2024-02-28T09:48:39,201][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [parent-join]
[2024-02-28T09:48:39,201][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [percolator]
[2024-02-28T09:48:39,202][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [rank-eval]
[2024-02-28T09:48:39,202][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [reindex]
[2024-02-28T09:48:39,203][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [repository-url]
[2024-02-28T09:48:39,203][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [search-pipeline-common]
[2024-02-28T09:48:39,204][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [systemd]
[2024-02-28T09:48:39,204][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded module [transport-netty4]
[2024-02-28T09:48:39,205][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-alerting]
[2024-02-28T09:48:39,205][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-02-28T09:48:39,205][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-02-28T09:48:39,205][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-02-28T09:48:39,206][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-geospatial]
[2024-02-28T09:48:39,206][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-index-management]
[2024-02-28T09:48:39,206][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-job-scheduler]
[2024-02-28T09:48:39,207][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-knn]
[2024-02-28T09:48:39,207][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-ml]
[2024-02-28T09:48:39,207][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-neural-search]
[2024-02-28T09:48:39,208][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-notifications]
[2024-02-28T09:48:39,208][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-notifications-core]
[2024-02-28T09:48:39,208][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-observability]
[2024-02-28T09:48:39,208][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-02-28T09:48:39,209][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-02-28T09:48:39,209][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-security]
[2024-02-28T09:48:39,209][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-security-analytics]
[2024-02-28T09:48:39,209][INFO ][o.o.p.PluginsService     ] [wazuh1.indexer] loaded plugin [opensearch-sql]
[2024-02-28T09:48:39,257][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh1.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-02-28T09:48:39,262][INFO ][o.o.e.ExtensionsManager  ] [wazuh1.indexer] ExtensionsManager initialized
[2024-02-28T09:48:39,291][INFO ][o.o.e.NodeEnvironment    ] [wazuh1.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/mapper/almalinux-root)]], net usable_space [62.8gb], net total_space [69.9gb], types [xfs]
[2024-02-28T09:48:39,292][INFO ][o.o.e.NodeEnvironment    ] [wazuh1.indexer] heap size [16gb], compressed ordinary object pointers [true]
[2024-02-28T09:48:39,419][INFO ][o.o.n.Node               ] [wazuh1.indexer] node name [wazuh1.indexer], node ID [bEQflo0QTgWsRngvb9zr0Q], cluster name [wazuh-cluster], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-02-28T09:48:44,330][WARN ][o.o.s.c.Salt             ] [wazuh1.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-02-28T09:48:44,447][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh1.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-02-28T09:48:44,450][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-02-28T09:48:44,452][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh1.indexer] Message routing enabled: false
[2024-02-28T09:48:44,517][INFO ][o.o.s.f.SecurityFilter   ] [wazuh1.indexer] <NONE> indices are made immutable.
[2024-02-28T09:48:45,327][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh1.indexer] Registered memory breaker.
[2024-02-28T09:48:45,806][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh1.indexer] Registered ML memory breaker.
[2024-02-28T09:48:45,807][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh1.indexer] Registered ML disk breaker.
[2024-02-28T09:48:45,808][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh1.indexer] Registered ML native memory breaker.
[2024-02-28T09:48:45,927][INFO ][o.r.Reflections          ] [wazuh1.indexer] Reflections took 53 ms to scan 1 urls, producing 15 keys and 37 values
[2024-02-28T09:48:46,905][INFO ][o.o.t.NettyAllocator     ] [wazuh1.indexer] creating NettyAllocator with the following configs: [name=opensearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={opensearch.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=8mb}]
[2024-02-28T09:48:47,003][INFO ][o.o.d.DiscoveryModule    ] [wazuh1.indexer] using discovery type [zen] and seed hosts providers [settings]
[2024-02-28T09:48:47,564][WARN ][o.o.g.DanglingIndicesState] [wazuh1.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-02-28T09:48:48,299][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh1.indexer] PerformanceAnalyzer Enabled: false
[2024-02-28T09:48:48,339][INFO ][o.o.n.Node               ] [wazuh1.indexer] initialized
[2024-02-28T09:48:48,340][INFO ][o.o.n.Node               ] [wazuh1.indexer] starting ...
[2024-02-28T09:48:48,460][INFO ][o.o.t.TransportService   ] [wazuh1.indexer] publish_address {wazuh1.indexer/172.20.0.3:9300}, bound_addresses {172.20.0.3:9300}
[2024-02-28T09:48:48,657][INFO ][o.o.b.BootstrapChecks    ] [wazuh1.indexer] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
ERROR: OpenSearch did not exit normally - check the logs at /var/log/wazuh-indexer/wazuh-cluster.log

[2024-02-28T09:48:48,681][INFO ][o.o.s.a.r.AuditMessageRouter] [wazuh1.indexer] Closing AuditMessageRouter
[2024-02-28T09:48:48,681][INFO ][o.o.n.Node               ] [wazuh1.indexer] stopping ...
[2024-02-28T09:48:48,682][INFO ][o.o.s.a.s.SinkProvider   ] [wazuh1.indexer] Closing DebugSink
[2024-02-28T09:48:48,702][INFO ][o.o.n.Node               ] [wazuh1.indexer] stopped
[2024-02-28T09:48:48,703][INFO ][o.o.n.Node               ] [wazuh1.indexer] closing ...
[2024-02-28T09:48:48,716][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh1.indexer] Closing AuditLogImpl
[2024-02-28T09:48:48,722][INFO ][o.o.n.Node               ] [wazuh1.indexer] closed
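
Added example, not part of either poster's message: the log above stops at a failed bootstrap check because the kernel's vm.max_map_count is 65530 and the indexer requires at least 262144. The script below extracts that requirement from indexer log text and compares it with the Docker host's value. The function names and the /etc/sysctl.d file name are assumptions; the sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example: locate the vm.max_map_count bootstrap-check failure in
# indexer log output and compare it with the value on the Docker host.
# vm.max_map_count is a kernel-wide setting shared by all containers, so it
# is changed on the host (here the AlmaLinux VM), not inside the container.

# Sample lines copied from the log in the post; in practice pipe in the
# output of `docker compose logs` for the indexer service.
SAMPLE_LOG='[2024-02-28T09:48:48,657][INFO ][o.o.b.BootstrapChecks    ] [wazuh1.indexer] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]'

# Read log text on stdin; print the minimum value the indexer asked for,
# or nothing if the log contains no such failure.
required_map_count() {
    sed -n 's/.*vm\.max_map_count \[[0-9]*] is too low, increase to at least \[\([0-9]*\)].*/\1/p' \
        | tail -n 1
}

# Print the current setting. $1 optionally names another file to read,
# which keeps the check testable without root.
current_map_count() {
    cat "${1:-/proc/sys/vm/max_map_count}" 2>/dev/null
}

# Read log text on stdin and print a verdict.
# Returns 0 = nothing to do, 1 = host value too low, 2 = value unreadable.
diagnose() {
    required=$(required_map_count)
    if [ -z "$required" ]; then
        echo "no vm.max_map_count bootstrap failure found in log"
        return 0
    fi
    current=$(current_map_count "$1")
    case "$current" in
        ''|*[!0-9]*) echo "cannot read current vm.max_map_count"; return 2 ;;
    esac
    if [ "$current" -ge "$required" ]; then
        echo "host is at $current (>= $required); recreate the indexer containers"
        return 0
    fi
    echo "host vm.max_map_count=$current, indexer needs >= $required"
    echo "run as root on the Docker host:"
    echo "  sysctl -w vm.max_map_count=$required"
    # File name below is an assumption; any *.conf under /etc/sysctl.d persists it.
    echo "  echo 'vm.max_map_count=$required' > /etc/sysctl.d/99-wazuh-indexer.conf"
    return 1
}

# Stand-alone run: check the sample log against the live kernel value.
printf '%s\n' "$SAMPLE_LOG" | diagnose || true
```

The `sysctl -w` change applies immediately but is lost at reboot; the file under /etc/sysctl.d is what makes it persist.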









Pablo Ariel Gonzalez

Jul 30, 2024, 5:42:49 PM
to Wazuh | Mailing List
Hi Austen:

I'm sorry to see that we have not been able to respond to this issue. Would you like us to review why the process failed, or have you been able to resolve it by another means?

Thanks,
